ietf-mailsig

Re: Replay attacks and ISP business models

2005-08-07 09:52:38

First, I am NOT saying that spammers
will spam through mailing lists.

Good.  Otherwise we can drop section A.4 and quit worrying about
signatures surviving mailing lists and mailing lists re-signing
messages.  BTW: is the last paragraph in A.4 up to date?

I've always said it's not worth worrying about.  Some lists pass mail
through verbatim so any signatures will survive.  Other lists rewrite
HTML, add headers and footers, add, delete, and reorder MIME parts so no
signature could survive.  Other lists are at any imaginable point in
between.  Jim Fenton has been one of the more articulate advocates of list
survival so he should be able to explain the rationale.

So I don't see your point.

Yeah.  Let's try an example.  You're running an ISP, and you're using a
swell new signature system which includes an anti-replay feature that can
detect multiple deliveries.  You have two users, A and B, that each send
out a message, and five minutes later the replay detector goes off and
tells you that each message has been delivered a thousand times.  Uh, oh.

One of the users is a spammer who sent a message to an accomplice who
spammed it out to a thousand victims.  The other user sent mail to a
mailing list that happens not to break signatures, and the list sent the
mail out to a thousand subscribers.

To make the comparison easier, assume that the accomplice is using zombies
that relay mail through their ISP's MTA (quite common now), and the
mailing list is on a small business line that sends mail through its ISP's
MTA, so all two thousand detected deliveries came from normal ISP MTAs.

Which user is the spammer and which is the list subscriber?  Which account
do you cancel?  How do you tell which is which?

R's,
John
